Friday April 11th, saw Microsoft release a new hotfix rollup package (build 4.1.3510.0) for Forefront Identity Manager (FIM) 2010 R2. The official documentation for this build can be found on the Microsoft support website under knowledgebase (KB) article 2934816. Download link is here. This build supersedes 4.1.3508.0.
The hotfix contains thirteen (13) BHOLD updates.
Full details of the update, duplicated from the KB for posterity, follow. Hit the KB for the known issues and other details.
Note that this update only includes BHOLD fixes. So while it is a later build than 4.1.3508.0 if you don’t use BHOLD it’s going to be a pointless upgrade, unless you just want to align build numbers.
If a regular expression policy rule is applied for an ABA role, all applied ABA roles are stuck in the pending state for the users and are never assigned.
If a user has an ABA role, and if you try to change a user attribute that is not related to the ABA role, all ABA roles are again marked for policy validation. Additionally, assigned permissions are removed and assigned back.
When you have more than 500 permissions in BHOLD and search permissions on the Supervised Permissions tab of Default Supervisor Role, no results are returned, and you are returned to the previous page.
When you configure an attribute-based role assignment for a role and then you try to click the Show Impact link in the policies section of a role, you receive the following error message:
Object reference not set to an instance of an object
The SP1 build does not let you re-create a permission that was removed from BHOLD earlier.
When you try to change and save a user without changing the end date, you receive the following error message:
Invalid date format
When you try to move an organization unit in the BHOLD Core Portal, you receive the following warning message:
Session ID missing: The Session ID is not found in URL. You can continue working using the menu at the left
The “User by Role” report cannot be generated after the limit of 50,000 users is reached. Additionally, you receive an “Out of memory” exception.
In the BHOLD Self-Service Portal, the role information screen under the Role Requests-Current Roles tab displays no role descriptions or permission details.
When you log on as a typical end-user in the BHOLD Service Portal, the “My Roles” screen is displayed as an empty page even though the user is assigned with both “active” and “proposed” roles.
The BHOLD – Access Management agent cannot perform full imports because of an SQL time-out issue that occurs when there is a load of more than 50,000 to 100,000 users.
BHOLD cannot add permissions to a user by using the BHOLD Connector after these permissions are denied.
When a steward in the BHOLD Attestation portal has multiple resources to attest and is working on approving or denying permissions for one user, other permissions for a different user are changed in the user interface.